Link Manipulation

First of all hello all, this is my first post!

I have a question regarding link manipulation. (yeah I know big surprise)

In the video of Volume one, Session 3: What is Phishing, Vishing and SMShing at 5:30 there is an example of a link manipulation technique followed by an explanation on how to spot them.

The link is : REAL PHISHING LINK, DO NOT GO HERE paypal.co.uk.yxrkt.2b7q8.bukafa.com/

The explanation on how to spot the real domain, is that the real domain is on the left of the HDL with no / to the left of it. The shown link has no slashes in front of either HDL .co.uk or .com.
This is also the same for the first example at the start of the video: http://www.google.com.stationx.net

My question is: Do the slashes in http:// count as slashes for link manipulation? If not, can someone explain to me why it is obviously phishing, because I really don’t know.

Thank you very much in advance and I hope you all have a nice day! :slight_smile:

I missed a note on screen which told me that the slashes in http:// do not count. I have gone over the video again and I think the real domain is the last HLD in a URL without a slash to the left of it other than the http ones obviously. Is that correct?

Wesley,
In the example of, " paypal.co.uk.yxrkt.2b7q8.bukafa.com/", you will follow the URL until you reach the first ‘/’ NOT counting ‘http://’.

In the true domain of your provided phishing link is bukafa.com

I hope that helps!